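kubernetes_mk_lgg_

Architecture diagram:
etcd stores the state of the entire cluster;
apiserver is the single entry point for resource operations and provides authentication, authorization, access control, API registration and discovery;
controller manager maintains cluster state, for example failure detection, auto scaling and rolling updates;
scheduler handles resource scheduling, placing Pods onto machines according to the configured scheduling policy;
kubelet maintains the container lifecycle and also manages Volumes (CVI) and networking (CNI);
Container runtime handles image management and actually runs Pods and containers (CRI);
kube-proxy provides in-cluster service discovery and load balancing for Services.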

 

 

--------------------------------------------------------

Kubernetes authentication and authorization

-----------------------------------------------------------------------------------------------

 



Building a highly available cluster with kubeadm:
Cluster availability tests:
1. Create the nginx DaemonSet (ds)
# write the manifest
$ cat > nginx-ds.yml <<EOF
apiVersion: v1
kind: Service
metadata:
  name: nginx-ds
  labels:
    app: nginx-ds
spec:
  type: NodePort
  selector:
    app: nginx-ds
  ports:
  - name: http
    port: 80
    targetPort: 80
---
# extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16;
# newer clusters need apps/v1 plus spec.selector
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nginx-ds
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  template:
    metadata:
      labels:
        app: nginx-ds
    spec:
      containers:
      - name: my-nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
EOF

# create the ds
$ kubectl create -f nginx-ds.yml

2. Check connectivity of the various IPs:
[root@m1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-ds-4sgjg 1/1 Running 0 38s 172.22.3.3 s1 <none> <none>
nginx-ds-5n7k6 1/1 Running 0 38s 172.22.4.3 s2 <none> <none>
[root@m1 ~]# ping 172.22.3.3
PING 172.22.3.3 (172.22.3.3) 56(84) bytes of data.
64 bytes from 172.22.3.3: icmp_seq=1 ttl=63 time=0.981 ms
64 bytes from 172.22.3.3: icmp_seq=2 ttl=63 time=0.695 ms

[root@m1 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 14h
nginx-ds NodePort 10.103.179.226 <none> 80:32680/TCP 4m24s

curl 192.168.220.10:32680 # all of m1 m2 m3 s1 s2
curl 10.103.179.226 # cluster-internal IP

3. Check DNS availability
# write the manifest for an nginx pod
$ cat > pod-nginx.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
EOF

# create the pod
$ kubectl create -f pod-nginx.yaml

# enter the pod to check DNS
$ kubectl exec nginx -i -t -- /bin/bash

# view the DNS configuration
root@nginx:/# cat /etc/resolv.conf

# check that the name resolves correctly
root@nginx:/# ping nginx-ds
-----------------------------------------------------------

harbor
https://github.com/goharbor/harbor
v1.6.0
https://github.com/goharbor/harbor/releases

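Harbor high availability:

nginx does the load balancing; machines A and B pull from each other (dual-master replication).

Three servers; download Harbor on the two machines A and B.

Extract on both A and B:

tar xvf harbor-offline-installer-v1.6.0.tgz

cd harbor

On both A and B, edit the file: vim harbor.cfg

Set hostname=192.168.220.10   # on the other machine, use its own address

harbor_admin_password = Harbor12345

vim docker-compose.yml

Harbor's data usually lives under /data, so that disk should be fairly large.

sh install.sh

It turns out docker-compose has to be downloaded first.

Download docker-compose on both A and B:

mv docker-compose-Linux-x86_64-1.22.0 /usr/local/bin/docker-compose
[root@m1 harbor]# chmod +x /usr/local/bin/docker-compose

Finally: sh install.sh

Stop Harbor on A and B:

docker-compose down

Start Harbor on A and B:

docker-compose up -d

Install nginx on machine C to do the load balancing: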

docker pull nginx:1.13.12

[root@m3 ~]# cat nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    upstream hub {
        server 192.168.220.10:80;
    }
    server {
        listen 80;
        proxy_pass hub;
        proxy_timeout 300s;
        proxy_connect_timeout 5s;
    }
}

 

[root@m3 ~]# cat nginx_restart.sh
#!/bin/bash
docker stop harbornginx
docker rm harbornginx
docker run -dit --net=host --name harbornginx -v /root/nginx.conf:/etc/nginx/nginx.conf nginx:1.13.12

 

sh nginx_restart.sh

 

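Browse to nginx on m3 (machine C).

Create a new project, alexk8s.

On m3 (machine C), pick any image, tag it, and push it.

vim /etc/hosts

192.168.220.12 m3 alexshuai.com

Docker talks to registries over HTTPS (443) by default, so its configuration has to be changed:

vim /etc/docker/daemon.json

{
  "insecure-registries": ["alexshuai.com"],
  "exec-opts": ["native.cgroupdriver=cgroupfs"],
  "registry-mirrors": ["https://welk5fzf.mirror.aliyuncs.com"]
}

service docker restart

Note: any other machine that needs to pull images must do the same.

sh nginx_restart.sh    # nginx was stopped by the Docker restart; start it again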
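
An added example (not from the original post): an offline audit that, given a daemon.json like the one above, reports which image references are pushed or pulled through an insecure-registries entry, where dockerd accepts plain HTTP or unverified TLS for docker login and image transfer. The CIDR entry in the sample, the function names, and the simplified matching (exact host[:port], CIDR only for IP-literal hosts, no DNS lookup, no IPv6) are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample: this page's daemon.json entry plus a CIDR entry that is
# an assumption added here to exercise the CIDR form of the setting.
SAMPLE_DAEMON_JSON = """{
  "insecure-registries": ["alexshuai.com", "192.168.220.0/24"],
  "exec-opts": ["native.cgroupdriver=cgroupfs"]
}"""

def registry_of(image):
    """Return the registry host[:port] an image reference points at.

    Docker treats the first path component as a registry only when it
    contains '.' or ':' or equals 'localhost'; otherwise it is docker.io.
    """
    first, slash, _rest = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"

def is_insecure(registry, insecure_entries):
    """True if the daemon would allow HTTP / skip TLS verification."""
    host = registry.split(":")[0]  # IPv4 or hostname only (IPv6 not handled)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # hostname: no DNS lookup in this offline check
    if host == "localhost" or (ip is not None and ip.is_loopback):
        return True  # loopback registries are always treated as insecure
    for entry in insecure_entries:
        if "/" in entry:  # CIDR form, matched against IP-literal hosts
            if ip is not None and ip in ipaddress.ip_network(entry, strict=False):
                return True
        elif entry.lower() == registry:  # host[:port] form, exact match
            return True
    return False

def audit(images, daemon_json_text):
    """Map each image to (registry, reached_via_insecure_setting)."""
    entries = json.loads(daemon_json_text).get("insecure-registries", [])
    return {img: (registry_of(img), is_insecure(registry_of(img), entries))
            for img in images}

if __name__ == "__main__":
    for image, (registry, insecure) in audit(
            ["nginx:1.7.9", "alexshuai.com/alexk8s/nginx:1.13.12"],
            SAMPLE_DAEMON_JSON).items():
        print(f"{image}: registry={registry} insecure={insecure}")
```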

 

Create a new user in the Harbor web UI:

alex

123456Ab

and add the user to the alexk8s project.

 

docker login alexshuai.com

docker tag nginx:1.13.12 alexshuai.com/alexk8s/nginx:1.13.12

docker push alexshuai.com/alexk8s/nginx:1.13.12

Finally, check the result in the web UI.

 

posted @ 2019-09-20 10:39  alexhe